
Privacy Policy

Effective Date: 2024-06-23 | Last Updated: 2024-06-23

1. Introduction

This Privacy Policy describes how Sai Health ("we," "our," or "us"), a company in the process of incorporating as a UG under German law, collects, uses, and protects your personal information when you use our services.

Contact Information:

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

Contact Information:

  • Email address

Health-Related Information:

  • Information related to sleep

2.2 How We Collect Information

We collect information when you:

  • Sign up for our waitlist
  • Complete our sleep assessment form
  • Communicate with us via email

3. Legal Basis for Processing (GDPR)

3.1 Regular Personal Information

For contact information, we process your data based on:

  • Consent (Article 6(1)(a) GDPR) - for marketing communications
  • Legitimate interests (Article 6(1)(f) GDPR) - for providing our services and product development

3.2 Special Category Health Data

For sleep-related health information, we process your data based on:

  • Explicit consent (Article 9(2)(a) GDPR) - We will obtain your explicit, separate consent before collecting any health-related information

4. How We Use Your Information

We use your personal information to:

  • Develop and improve our products and services
  • Communicate with you about our services and updates
  • Send marketing communications (with your consent)
  • Respond to your inquiries and requests

5. Data Sharing and Disclosure

5.1 Service Providers

We share your information with trusted third-party service providers who assist us in operating our services:

  • Supabase - Database hosting and management
  • Resend - Email delivery services
  • Google LLC - Various business services

All service providers are contractually required to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, regulation, or valid legal process.

6. International Data Transfers

As we are based in the EU and use service providers located outside the EU (including in the United States), your data may be transferred internationally. We ensure appropriate safeguards are in place:

  • Data is encrypted at rest and in transit
  • Service providers implement adequate security measures
  • We have appropriate data processing agreements in place

7. Data Retention

We retain your personal information for two (2) years after your last interaction with our product or business. After this period, we will securely delete your data unless we have a legal obligation to retain it longer.

Special provisions:

  • If you unsubscribe from communications, we will delete your data within 30 days
  • You can request earlier deletion at any time

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • All data is encrypted at rest and in transit
  • Access is restricted to privileged employees on a need-to-know basis
  • Regular security assessments and updates

9. Your Rights

9.1 GDPR Rights (EU Residents)

You have the following rights regarding your personal data:

  • Right of access - Request a copy of your personal data
  • Right to rectification - Correct inaccurate personal data
  • Right to erasure - Request deletion of your personal data
  • Right to restrict processing - Limit how we use your data
  • Right to data portability - Receive your data in a structured format
  • Right to object - Object to processing based on legitimate interests
  • Right to withdraw consent - Withdraw consent for health data processing at any time

9.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it's used
  • Delete your personal information (with certain exceptions)
  • Opt out of the sale or sharing of your personal information
  • Correct inaccurate personal information
  • Limit the use and disclosure of sensitive personal information
  • Non-discrimination for exercising your privacy rights

9.3 Exercising Your Rights

To exercise any of these rights, please email us at privacy@sai.health with:

  • Your name and email address
  • Specific request details
  • Verification of your identity (if required)

We will respond to your request within 30 days.

10. Sensitive Personal Information (CCPA)

Under California law, the sleep and health information we collect is considered "sensitive personal information." You have the right to limit our use of this information to providing the services you requested.

11. Children's Privacy

Our Services are not intended for use by children under the age of 18 ("Child" or "Children").

We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

12. Consent for Health Data Collection

Before collecting any health-related information, we will:

  • Clearly explain what health data we're collecting and why
  • Obtain your explicit, separate consent through a dedicated permission form
  • Inform you of your right to withdraw consent at any time
  • Ensure you understand the voluntary nature of providing health information

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification (for significant changes)
  • Updating the "Last Updated" date at the top of this policy

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: